P2P Traffic Measurement

After our decentralized filesharing post we discovered this item from ACM News Service, “Is P2P Dying or Just Hiding?”

High-order bits excerpted from the paper itself:

In our traces, P2P traffic volume has not dropped since 2003. Our datasets are inconsistent with claims of significant P2P traffic decline.

We present a methodology for identifying P2P traffic originating from several different P2P protocols. Our heuristics exploit common conventions of P2P protocols, such as the packet format.

We illustrate that over the last few years, P2P applications evolved to use arbitrary ports for communication.

We claim that accurate measurements are bound to remain difficult since P2P users promptly switch to new more sophisticated protocols, e.g., BitTorrent.

More bits:

CAIDA monitors capture 44 bytes 2 of each
packet (see section III), which leaves 4 bytes of TCP packets to
be examined (TCP headers are typically 40 bytes for packets that
have no options). While our payload heuristics would be capable
of effectively identifying all P2P packets if the whole payload
was available, this 4-byte payload restriction limits the number
of heuristics that can undoubtedly pinpoint P2P flows. For example,
BitTorrent string “GET /torrents/” requires 15 bytes of
payload for complete matching. Our 4-byte view of “GET ”
could potentially indicate a non-P2P web HTTP request.

UC Riverside’s Thomas Karagiannis, the Cooperative Association for Internet Data Analysis’ (CAIDA) Andrew Broido, et al. dispute popular media reports that peer-to-peer (P2P) file-sharing has declined precipitously in the last year, and contend that the reverse is actually the case. The authors attempted to measure P2P traffic at the link level more accurately by gauging traffic of all known popular P2P protocols, reverse engineering the protocols, and labeling distinctive payload strings. The results support the conclusion that 2004 P2P traffic is at least comparable to 2003 levels, while rigid adherence to conventional P2P traffic measurement techniques leads to miscalculations. The percentage of P2P traffic was found to have increased by about 5 percent relative to traffic volume. Furthermore, comparisons between older and current P2P clients revealed that the use of arbitrary port numbers was elective in older clients, while current clients randomize the port number upon installment without the need for user action. Meanwhile, P2P population studies found that the ranks of IPs grew by about 60,000 in the last year, and the number of ASes participating in P2P flows expanded by roughly 70 percent. These findings outline several trends, including evolving tension between P2P users and the entertainment sector; increasing demand for home broadband links; plans to directly induce P2P applications into profitable traffic configurations; and a significant transformation in supply and demand in edge and access networks, provided that P2P traffic maintains its growth and legal entanglements are eliminated.

The full article (pdf) is contains many more bits for the interested reader…